We take security seriously at Redirector. If you discover a security vulnerability, please follow these steps:
Please provide as much detail as possible:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Affected versions
- Suggested fix (if you have one)
- Your contact information for follow-up
- Acknowledgment - We'll acknowledge your report within 48 hours
- Assessment - We'll assess the vulnerability and determine severity
- Fix Development - We'll develop a fix for the issue
- Testing - We'll test the fix thoroughly
- Release - We'll release the fix and security advisory
- Recognition - We'll credit you in our security advisory (if desired)
When using Redirector, please follow these security guidelines:
- Use strong passwords for dashboard authentication
- Change default credentials immediately
- Consider using environment variables for sensitive config
- Run behind a reverse proxy (nginx, Cloudflare) in production
- Use HTTPS/TLS termination
- Implement proper firewall rules
- Consider VPN access for sensitive operations
- Regularly back up your database
- Use encrypted storage for sensitive data
- Implement data retention policies
- Sanitize logs before sharing externally
- Use official Docker images only
- Keep images updated to the latest versions
- Run containers as a non-root user (default behavior)
- Use Docker secrets for sensitive data
- Monitor logs for suspicious activity
- Implement rate limiting where appropriate
- Use campaign isolation for different operations
- Regularly review access logs
Redirector logs comprehensive request data including:
- IP addresses
- User agents
- HTTP headers
- Request timing
- Optional request bodies (if enabled)
Important: Be aware of privacy laws (GDPR, CCPA) and obtain proper consent when collecting user data.
When using Cloudflare tunnels:
- Tunnel URLs are publicly accessible
- Consider authentication for sensitive operations
- Monitor tunnel logs for unexpected traffic
- Disable tunnels when not needed
- SQLite database contains all logged data
- Secure database file permissions
- Consider encryption at rest for sensitive data
- Implement backup encryption
We provide security updates for the following versions:
| Version | Supported |
|---|---|
| 2.x.x | Active support |
| 1.x.x | |
| < 1.0 | No longer supported |
For production deployments:
- Enable dashboard authentication
- Use HTTPS with valid certificates
- Configure proper firewall rules
- Set up log monitoring and alerting
- Implement backup and recovery procedures
- Regular security updates
- Network segmentation where possible
- Access control and user management
This tool should only be used:
- With proper authorization
- In compliance with applicable laws
- For legitimate security research
- With respect for privacy rights
Do not use Redirector for:
- Unauthorized data collection
- Malicious redirects or phishing
- Privacy violations
- Any illegal activities
Redirector includes several built-in security features:
- Non-root execution in Docker containers
- Sensitive header filtering (auth tokens, cookies)
- Rate limiting capabilities
- Input validation on all endpoints
- Secure defaults in configuration
- Audit logging for security events
For security-related questions or concerns:
- General Issues: GitHub Issues (for non-security bugs)
- Documentation: README.md and inline help
We recognize security researchers who help improve Redirector:
Thank you for helping keep Redirector secure!